diff --git a/0001-shadow-use-relaxed-usernames.patch b/0001-shadow-use-relaxed-usernames.patch
deleted file mode 100644
index 3b7c82d2d92d6ee610d3b397cfbd03e2fcd4b800..0000000000000000000000000000000000000000
--- a/0001-shadow-use-relaxed-usernames.patch
+++ /dev/null
@@ -1,125 +0,0 @@ -From cfc981df2afc615e3792b918e9ee49e631b0a3a9 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin -Date: Tue, 16 Aug 2022 13:46:22 +0200 -Subject: [PATCH] shadow: use relaxed usernames - -The groupadd from shadow does not allow upper case group names, the -same is true for the upstream shadow. But distributions like -Debian/Ubuntu/CentOS has their own way to cope with this problem, -this patch is picked up from Fedora [1] to relax the usernames -restrictions to allow the upper case group names, and the relaxation is -POSIX compliant because POSIX indicate that usernames are composed of -characters from the portable filename character set [A-Za-z0-9._-]. - -[1] https://src.fedoraproject.org/rpms/shadow-utils/blob/rawhide/f/shadow-4.8-goodname.patch - -Signed-off-by: Alexander Kanavin ---- - libmisc/chkname.c | 38 ++++++++++++++++++++++++++++---------- - man/groupadd.8.xml | 10 ++++++---- - man/useradd.8.xml | 12 ++++++++---- - 3 files changed, 42 insertions(+), 18 deletions(-) - -diff --git a/libmisc/chkname.c b/libmisc/chkname.c -index cb002a148..e31ee8c94 100644 ---- a/libmisc/chkname.c -+++ b/libmisc/chkname.c -@@ -32,26 +32,44 @@ static bool is_valid_name (const char *name) - } - - /* -- * User/group names must match [a-z_][a-z0-9_-]*[$] -- */ -+ * User/group names must match gnu e-regex: -+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? -+ * -+ * as a non-POSIX, extension, allow "$" as the last char for -+ * sake of Samba 3.x "add machine script" -+ * -+ * Also do not allow fully numeric names or just "." or "..". -+ */ -+ int numeric; - -- if (('\0' == *name) || -- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { -+ if ('\0' == *name || -+ ('.' == *name && (('.' 
== name[1] && '\0' == name[2]) || -+ '\0' == name[1])) || -+ !((*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ *name == '_' || -+ *name == '.')) { - return false; - } - -+ numeric = isdigit(*name); -+ - while ('\0' != *++name) { -- if (!(( ('a' <= *name) && ('z' >= *name) ) || -- ( ('0' <= *name) && ('9' >= *name) ) || -- ('_' == *name) || -- ('-' == *name) || -- ( ('$' == *name) && ('\0' == *(name + 1)) ) -+ if (!((*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ *name == '_' || -+ *name == '.' || -+ *name == '-' || -+ (*name == '$' && name[1] == '\0') - )) { - return false; - } -+ numeric &= isdigit(*name); - } - -- return true; -+ return !numeric; - } - - bool is_valid_user_name (const char *name) -diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml -index 26671f92d..61a548f7e 100644 ---- a/man/groupadd.8.xml -+++ b/man/groupadd.8.xml -@@ -64,10 +64,12 @@ - - CAVEATS - -- Groupnames must start with a lower case letter or an underscore, -- followed by lower case letters, digits, underscores, or dashes. -- They can end with a dollar sign. -- In regular expression terms: [a-z_][a-z0-9_-]*[$]? -+ Groupnames may contain only lower and upper case letters, digits, -+ underscores, or dashes. They can end with a dollar sign. -+ -+ Dashes are not allowed at the beginning of the groupname. -+ Fully numeric groupnames and groupnames . or .. are -+ also disallowed. - - - Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. -diff --git a/man/useradd.8.xml b/man/useradd.8.xml -index af02a23f8..9eb80bbb9 100644 ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -692,10 +692,14 @@ - - - -- Usernames must start with a lower case letter or an underscore, -- followed by lower case letters, digits, underscores, or dashes. -- They can end with a dollar sign. -- In regular expression terms: [a-z_][a-z0-9_-]*[$]? 
-+ Usernames may contain only lower and upper case letters, digits, -+ underscores, or dashes. They can end with a dollar sign. -+ -+ Dashes are not allowed at the beginning of the username. -+ Fully numeric usernames and usernames . or .. are -+ also disallowed. It is not recommended to use usernames beginning -+ with . character as their home directories will be hidden in -+ the ls output. - - - Usernames may only be up to 32 characters long. diff --git a/add-n-option.patch b/add-n-option.patch deleted file mode 100644 index dc7a7ac3ed4b6e88126c01de1b835f3841fcf19a..0000000000000000000000000000000000000000 --- a/add-n-option.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -diff -uprN shadow-4.11.1.orgin/src/useradd.c shadow-4.11.1/src/useradd.c ---- shadow-4.11.1.orgin/src/useradd.c 2022-09-25 10:56:42.772435195 +0800 -+++ shadow-4.11.1/src/useradd.c 2022-09-25 11:01:31.599108921 +0800 -@@ -82,7 +82,7 @@ const char *Prog; - static gid_t def_group = 1000; - static const char *def_gname = "other"; - static const char *def_home = "/home"; --static const char *def_shell = "/bin/bash"; -+static const char *def_shell = "/sbin/nologin"; - static const char *def_template = SKEL_DIR; - static const char *def_create_mail_spool = "yes"; - static const char *def_log_init = "yes"; -@@ -93,7 +93,7 @@ static const char *def_expire = ""; - #define VALID(s) (strcspn (s, ":\n") == strlen (s)) - - static const char *user_name = ""; --static const char *user_pass = "!"; -+static const char *user_pass = "!!"; - static uid_t user_id; - static gid_t user_gid; - static const char *user_comment = ""; -@@ -1219,9 +1219,9 @@ static void process_flags (int argc, cha - }; - while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:", -+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:UZ:", - #else /* !WITH_SELINUX */ -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U", -+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:U", - #endif /* !WITH_SELINUX */ - long_options, NULL)) != -1) { - switch (c) { -@@ -1378,6 +1378,7 @@ static void process_flags (int argc, cha - case 'M': - Mflg = true; - break; -+ case 'n': - case 'N': - Nflg = true; - break; diff --git a/add-sm3-support.patch b/add-sm3-support.patch index b7ab8b3098a6fdb4613e8439cc5492b6406c79f7..969582815f15e69a46dc0c20f7708dade9c206bf 100644 --- a/add-sm3-support.patch +++ b/add-sm3-support.patch 
@@ -1,17 +1,36 @@ -diff -Naur shadow-4.11.1.orig/configure.ac shadow-4.11.1/configure.ac ---- shadow-4.11.1.orig/configure.ac 2023-02-21 20:17:12.700288020 +0800 -+++ shadow-4.11.1/configure.ac 2023-02-21 20:52:11.880321246 +0800 -@@ -287,6 +287,9 @@ +From 0b85915ba3f2307744913d782592b96e406cda1e Mon Sep 17 00:00:00 2001 +From: zoedong +Date: Fri, 28 Jul 2023 13:13:34 +0800 +Subject: [PATCH] Add sm3 support + +--- + configure.ac | 9 ++++ + etc/login.defs | 18 ++++++++ + lib/encrypt.c | 3 ++ + lib/getdef.c | 4 ++ + libmisc/obscure.c | 3 ++ + libmisc/salt.c | 108 +++++++++++++++++++++++++++++++++++++++++++--- + src/chgpasswd.c | 48 +++++++++++++++------ + src/chpasswd.c | 46 ++++++++++++++------ + src/newusers.c | 59 ++++++++++++++++++------- + src/passwd.c | 3 ++ + 10 files changed, 254 insertions(+), 47 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 924254a..dde1de8 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -274,6 +274,9 @@ AC_ARG_WITH(libcrack, AC_ARG_WITH(sha-crypt, - [AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])], + [AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])], [with_sha_crypt=$withval], [with_sha_crypt=yes]) +AC_ARG_WITH(sm3-crypt, + [AC_HELP_STRING([--with-sm3-crypt], [allow the SM3 password encryption algorithms @<:@default=yes@:>@])], + [with_sm3_crypt=$withval], [with_sm3_crypt=yes]) AC_ARG_WITH(bcrypt, - [AC_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])], + [AS_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])], [with_bcrypt=$withval], [with_bcrypt=no]) -@@ -320,6 +323,11 @@ +@@ -307,6 +310,11 @@ if test "$with_sha_crypt" = "yes"; then AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms]) fi 
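Review bot: The added `AC_ARG_WITH(sm3-crypt, …)` entry still calls `AC_HELP_STRING`, while this refresh moves the neighbouring `--with-sha-crypt` and `--with-bcrypt` entries to `AS_HELP_STRING`. Autoconf treats `AC_HELP_STRING` as obsolete, so the SM3 entry is now inconsistent with the configure.ac it is applied to and may produce obsolete-macro warnings when the build regenerates configure. I would change the added line to `[AS_HELP_STRING([--with-sm3-crypt], [allow the SM3 password encryption algorithms @<:@default=yes@:>@])],`. The rest of the SM3 block is unaffected.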
@@ -23,7 +42,7 @@ diff -Naur shadow-4.11.1.orig/configure.ac shadow-4.11.1/configure.ac AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes") if test "$with_bcrypt" = "yes"; then AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm]) -@@ -764,6 +772,7 @@ +@@ -752,6 +760,7 @@ echo " tcb support (incomplete): $with_tcb" echo " shadow group support: $enable_shadowgrp" echo " S/Key support: $with_skey" echo " SHA passwords encryption: $with_sha_crypt" @@ -31,10 +50,11 @@ diff -Naur shadow-4.11.1.orig/configure.ac shadow-4.11.1/configure.ac echo " bcrypt passwords encryption: $with_bcrypt" echo " yescrypt passwords encryption: $with_yescrypt" echo " nscd support: $with_nscd" -diff -Naur shadow-4.11.1.orig/etc/login.defs shadow-4.11.1/etc/login.defs ---- shadow-4.11.1.orig/etc/login.defs 2023-02-21 20:17:12.696288019 +0800 -+++ shadow-4.11.1/etc/login.defs 2023-02-22 16:03:43.646993206 +0800 -@@ -325,6 +325,7 @@ +diff --git a/etc/login.defs b/etc/login.defs +index 114dbcd..4d1666a 100644 +--- a/etc/login.defs ++++ b/etc/login.defs +@@ -325,6 +325,7 @@ CHFN_RESTRICT rwh # If set to MD5, MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password @@ -42,10 +62,11 @@ diff -Naur shadow-4.11.1.orig/etc/login.defs shadow-4.11.1/etc/login.defs # If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password # If set to DES, DES-based algorithm will be used for encrypting password (default) -@@ -354,6 +355,23 @@ +@@ -353,6 +354,23 @@ CHFN_RESTRICT rwh + #SHA_CRYPT_MIN_ROUNDS 5000 #SHA_CRYPT_MAX_ROUNDS 5000 - # ++# +# Only works if ENCRYPT_METHOD is set to SM3. +# +# Define the number of SM3 rounds. 
@@ -62,13 +83,13 @@ diff -Naur shadow-4.11.1.orig/etc/login.defs shadow-4.11.1/etc/login.defs +#SM3_CRYPT_MIN_ROUNDS 5000 +#SM3_CRYPT_MAX_ROUNDS 5000 + -+# + # # Only works if ENCRYPT_METHOD is set to BCRYPT. # - # Define the number of BCRYPT rounds. -diff -Naur shadow-4.11.1.orig/lib/encrypt.c shadow-4.11.1/lib/encrypt.c ---- shadow-4.11.1.orig/lib/encrypt.c 2023-02-21 20:17:12.696288019 +0800 -+++ shadow-4.11.1/lib/encrypt.c 2023-02-27 16:41:33.153595428 +0800 +diff --git a/lib/encrypt.c b/lib/encrypt.c +index c84a255..c64ef89 100644 +--- a/lib/encrypt.c ++++ b/lib/encrypt.c @@ -55,6 +55,9 @@ case 'y': method = "YESCRYPT"; @@ -79,10 +100,11 @@ diff -Naur shadow-4.11.1.orig/lib/encrypt.c shadow-4.11.1/lib/encrypt.c default: { static char nummethod[4] = "$x$"; -diff -Naur shadow-4.11.1.orig/lib/getdef.c shadow-4.11.1/lib/getdef.c ---- shadow-4.11.1.orig/lib/getdef.c 2023-02-21 20:17:12.696288019 +0800 -+++ shadow-4.11.1/lib/getdef.c 2023-02-22 15:40:09.382948536 +0800 -@@ -102,6 +102,10 @@ +diff --git a/lib/getdef.c b/lib/getdef.c +index dcd1fe7..9a8089a 100644 +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -102,6 +102,10 @@ static struct itemdef def_table[] = { {"SHA_CRYPT_MAX_ROUNDS", NULL}, {"SHA_CRYPT_MIN_ROUNDS", NULL}, #endif @@ -93,10 +115,11 @@ diff -Naur shadow-4.11.1.orig/lib/getdef.c shadow-4.11.1/lib/getdef.c #ifdef USE_BCRYPT {"BCRYPT_MAX_ROUNDS", NULL}, {"BCRYPT_MIN_ROUNDS", NULL}, -diff -Naur shadow-4.11.1.orig/libmisc/obscure.c shadow-4.11.1/libmisc/obscure.c ---- shadow-4.11.1.orig/libmisc/obscure.c 2023-02-21 20:17:12.692288020 +0800 -+++ shadow-4.11.1/libmisc/obscure.c 2023-02-22 15:38:19.962946514 +0800 -@@ -246,6 +246,9 @@ +diff --git a/libmisc/obscure.c b/libmisc/obscure.c +index 3daaa95..644259d 100644 +--- a/libmisc/obscure.c ++++ b/libmisc/obscure.c +@@ -246,6 +246,9 @@ static /*@observer@*//*@null@*/const char *obscure_msg ( || (strcmp (result, "SHA256") == 0) || (strcmp (result, "SHA512") == 0) #endif 
@@ -106,9 +129,10 @@ diff -Naur shadow-4.11.1.orig/libmisc/obscure.c shadow-4.11.1/libmisc/obscure.c #ifdef USE_BCRYPT || (strcmp (result, "BCRYPT") == 0) #endif -diff -Naur shadow-4.11.1.orig/libmisc/salt.c shadow-4.11.1/libmisc/salt.c ---- shadow-4.11.1.orig/libmisc/salt.c 2023-02-21 20:17:12.692288020 +0800 -+++ shadow-4.11.1/libmisc/salt.c 2023-03-19 21:17:05.837863622 +0800 +diff --git a/libmisc/salt.c b/libmisc/salt.c +index e5f633a..348f346 100644 +--- a/libmisc/salt.c ++++ b/libmisc/salt.c @@ -63,6 +63,19 @@ #define SHA_ROUNDS_MAX 999999999 #endif @@ -129,7 +153,7 @@ diff -Naur shadow-4.11.1.orig/libmisc/salt.c shadow-4.11.1/libmisc/salt.c #ifdef USE_YESCRYPT /* * Default number of base64 characters used for the salt. -@@ -95,9 +108,9 @@ +@@ -95,9 +108,9 @@ static long read_random_bytes (void); #if !USE_XCRYPT_GENSALT static /*@observer@*/const char *gensalt (size_t salt_size); #endif /* !USE_XCRYPT_GENSALT */ @@ -139,10 +163,10 @@ diff -Naur shadow-4.11.1.orig/libmisc/salt.c shadow-4.11.1/libmisc/salt.c -#endif /* USE_SHA_CRYPT || USE_BCRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_SM3_CRYPT */ #ifdef USE_SHA_CRYPT - static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *prefered_rounds); + static /*@observer@*/unsigned long SHA_get_salt_rounds (/*@null@*/const int *prefered_rounds); static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long rounds); -@@ -106,6 +119,10 @@ - static /*@observer@*/const unsigned long BCRYPT_get_salt_rounds (/*@null@*/int *prefered_rounds); +@@ -106,6 +119,10 @@ static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long round + static /*@observer@*/unsigned long BCRYPT_get_salt_rounds (/*@null@*/const int *prefered_rounds); static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, unsigned long rounds); #endif /* USE_BCRYPT */ +#ifdef USE_SM3_CRYPT 
@@ -150,9 +174,9 @@ diff -Naur shadow-4.11.1.orig/libmisc/salt.c shadow-4.11.1/libmisc/salt.c +static /*@observer@*/void SM3_salt_rounds_to_buf (char *buf, unsigned long rounds); +#endif /* USE_SM3_CRYPT */ #ifdef USE_YESCRYPT - static /*@observer@*/const unsigned long YESCRYPT_get_salt_cost (/*@null@*/int *prefered_cost); + static /*@observer@*/unsigned long YESCRYPT_get_salt_cost (/*@null@*/const int *prefered_cost); static /*@observer@*/void YESCRYPT_salt_cost_to_buf (char *buf, unsigned long cost); -@@ -194,7 +211,7 @@ +@@ -195,7 +212,7 @@ end: return randval; } @@ -161,7 +185,7 @@ diff -Naur shadow-4.11.1.orig/libmisc/salt.c shadow-4.11.1/libmisc/salt.c /* * Return a random number between min and max (both included). * -@@ -216,7 +233,7 @@ +@@ -217,7 +234,7 @@ static long shadow_random (long min, long max) } return ret; } @@ -170,7 +194,7 @@ diff -Naur shadow-4.11.1.orig/libmisc/salt.c shadow-4.11.1/libmisc/salt.c #ifdef USE_SHA_CRYPT /* Return the the rounds number for the SHA crypt methods. */ -@@ -292,6 +309,80 @@ +@@ -293,6 +310,80 @@ static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long round } #endif /* USE_SHA_CRYPT */ @@ -250,8 +274,8 @@ diff -Naur shadow-4.11.1.orig/libmisc/salt.c shadow-4.11.1/libmisc/salt.c + #ifdef USE_BCRYPT /* Return the the rounds number for the BCRYPT method. */ - static /*@observer@*/const unsigned long BCRYPT_get_salt_rounds (/*@null@*/int *prefered_rounds) -@@ -461,7 +552,7 @@ + static /*@observer@*/unsigned long BCRYPT_get_salt_rounds (/*@null@*/const int *prefered_rounds) +@@ -463,7 +554,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size) * which can both be set inside the login.defs file. * * If meth is specified, an additional parameter can be provided. 
@@ -260,7 +284,7 @@ diff -Naur shadow-4.11.1.orig/libmisc/salt.c shadow-4.11.1/libmisc/salt.c * (if not NULL). * * For the YESCRYPT method, this specifies the cost factor (if not NULL). */ -@@ -513,6 +604,13 @@ +@@ -515,6 +606,13 @@ static /*@observer@*/const char *gensalt (size_t salt_size) rounds = SHA_get_salt_rounds ((int *) arg); SHA_salt_rounds_to_buf (result, rounds); #endif /* USE_SHA_CRYPT */ @@ -274,9 +298,10 @@ diff -Naur shadow-4.11.1.orig/libmisc/salt.c shadow-4.11.1/libmisc/salt.c } else if (0 != strcmp (method, "DES")) { fprintf (log_get_logfd(), _("Invalid ENCRYPT_METHOD value: '%s'.\n" -diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c ---- shadow-4.11.1.orig/src/chgpasswd.c 2023-02-21 20:17:12.692288020 +0800 -+++ shadow-4.11.1/src/chgpasswd.c 2023-02-22 16:15:38.547032513 +0800 +diff --git a/src/chgpasswd.c b/src/chgpasswd.c +index d17acb6..f841b54 100644 +--- a/src/chgpasswd.c ++++ b/src/chgpasswd.c @@ -39,15 +39,18 @@ const char *Prog; static bool eflg = false; @@ -298,7 +323,7 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c #ifdef USE_BCRYPT static long bcrypt_rounds = 13; #endif -@@ -113,6 +116,9 @@ +@@ -113,6 +116,9 @@ static /*@noreturn@*/void usage (int status) #if defined(USE_SHA_CRYPT) " SHA256 SHA512" #endif @@ -308,7 +333,7 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c #if defined(USE_BCRYPT) " BCRYPT" #endif -@@ -126,11 +132,11 @@ +@@ -126,11 +132,11 @@ static /*@noreturn@*/void usage (int status) " the MD5 algorithm\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); @@ -323,7 +348,7 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c (void) fputs ("\n", usageout); exit (status); -@@ -144,22 +150,22 @@ +@@ -144,22 +150,22 @@ static /*@noreturn@*/void usage (int status) static void process_flags (int argc, char **argv) { int c; 
@@ -351,7 +376,7 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c "c:ehmR:s:", #else "c:ehmR:", -@@ -180,7 +186,7 @@ +@@ -180,7 +186,7 @@ static void process_flags (int argc, char **argv) break; case 'R': /* no-op, handled in process_root_flag () */ break; @@ -360,7 +385,7 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c case 's': sflg = true; bad_s = 0; -@@ -190,6 +196,12 @@ +@@ -190,6 +196,12 @@ static void process_flags (int argc, char **argv) bad_s = 1; } #endif /* USE_SHA_CRYPT */ @@ -373,7 +398,7 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c #if defined(USE_BCRYPT) if (( (0 == strcmp (crypt_method, "BCRYPT")) && (0 == getlong(optarg, &bcrypt_rounds)))) { -@@ -209,7 +221,7 @@ +@@ -209,7 +221,7 @@ static void process_flags (int argc, char **argv) usage (E_USAGE); } break; @@ -382,7 +407,7 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c default: usage (E_USAGE); -@@ -228,7 +240,7 @@ +@@ -228,7 +240,7 @@ static void process_flags (int argc, char **argv) */ static void check_flags (void) { @@ -391,7 +416,7 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c if (sflg && !cflg) { fprintf (stderr, _("%s: %s flag is only allowed with the %s flag\n"), -@@ -253,6 +265,9 @@ +@@ -253,6 +265,9 @@ static void check_flags (void) && (0 != strcmp (crypt_method, "SHA256")) && (0 != strcmp (crypt_method, "SHA512")) #endif /* USE_SHA_CRYPT */ @@ -401,7 +426,7 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c #ifdef USE_BCRYPT && (0 != strcmp (crypt_method, "BCRYPT")) #endif /* USE_BCRYPT */ -@@ -483,7 +498,7 @@ +@@ -483,7 +498,7 @@ int main (int argc, char **argv) if (md5flg) { crypt_method = "MD5"; } 
@@ -410,7 +435,7 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c if (sflg) { #if defined(USE_SHA_CRYPT) if ( (0 == strcmp (crypt_method, "SHA256")) -@@ -491,6 +506,11 @@ +@@ -491,6 +506,11 @@ int main (int argc, char **argv) arg = &sha_rounds; } #endif /* USE_SHA_CRYPT */ @@ -422,10 +447,11 @@ diff -Naur shadow-4.11.1.orig/src/chgpasswd.c shadow-4.11.1/src/chgpasswd.c #if defined(USE_BCRYPT) if (0 == strcmp (crypt_method, "BCRYPT")) { arg = &bcrypt_rounds; -diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c ---- shadow-4.11.1.orig/src/chpasswd.c 2023-02-21 20:17:12.692288020 +0800 -+++ shadow-4.11.1/src/chpasswd.c 2023-02-21 21:22:46.508534335 +0800 -@@ -36,7 +36,7 @@ +diff --git a/src/chpasswd.c b/src/chpasswd.c +index 48d5178..7501555 100644 +--- a/src/chpasswd.c ++++ b/src/chpasswd.c +@@ -38,7 +38,7 @@ const char *Prog; static bool eflg = false; static bool md5flg = false; @@ -434,7 +460,7 @@ diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c static bool sflg = false; #endif -@@ -45,6 +45,9 @@ +@@ -47,6 +47,9 @@ static /*@null@*//*@observer@*/const char *crypt_method = NULL; #ifdef USE_SHA_CRYPT static long sha_rounds = 5000; #endif @@ -444,7 +470,7 @@ diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c #ifdef USE_BCRYPT static long bcrypt_rounds = 13; #endif -@@ -106,6 +109,9 @@ +@@ -108,6 +111,9 @@ static /*@noreturn@*/void usage (int status) #if defined(USE_SHA_CRYPT) " SHA256 SHA512" #endif @@ -454,7 +480,7 @@ diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c #if defined(USE_BCRYPT) " BCRYPT" #endif -@@ -119,11 +125,11 @@ +@@ -121,11 +127,11 @@ static /*@noreturn@*/void usage (int status) " the MD5 algorithm\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); 
@@ -469,7 +495,7 @@ diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c (void) fputs ("\n", usageout); exit (status); -@@ -137,23 +143,23 @@ +@@ -139,23 +145,23 @@ static /*@noreturn@*/void usage (int status) static void process_flags (int argc, char **argv) { int c; @@ -498,7 +524,7 @@ diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c "c:ehmR:s:", #else "c:ehmR:", -@@ -174,7 +180,7 @@ +@@ -176,7 +182,7 @@ static void process_flags (int argc, char **argv) break; case 'R': /* no-op, handled in process_root_flag () */ break; @@ -507,7 +533,7 @@ diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c case 's': sflg = true; bad_s = 0; -@@ -184,6 +190,12 @@ +@@ -186,6 +192,12 @@ static void process_flags (int argc, char **argv) bad_s = 1; } #endif /* USE_SHA_CRYPT */ @@ -518,9 +544,9 @@ diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c + } +#endif /* USE_SM3_CRYPT */ #if defined(USE_BCRYPT) - if (( (0 == strcmp (crypt_method, "BCRYPT")) - && (0 == getlong(optarg, &bcrypt_rounds)))) { -@@ -203,7 +215,7 @@ + if (IS_CRYPT_METHOD("BCRYPT") + && (0 == getlong(optarg, &bcrypt_rounds))) { +@@ -205,7 +217,7 @@ static void process_flags (int argc, char **argv) usage (E_USAGE); } break; @@ -529,7 +555,7 @@ diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c default: usage (E_USAGE); -@@ -222,7 +234,7 @@ +@@ -224,7 +236,7 @@ static void process_flags (int argc, char **argv) */ static void check_flags (void) { 
@@ -538,28 +564,27 @@ diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c if (sflg && !cflg) { fprintf (stderr, _("%s: %s flag is only allowed with the %s flag\n"), -@@ -247,6 +259,9 @@ - && (0 != strcmp (crypt_method, "SHA256")) - && (0 != strcmp (crypt_method, "SHA512")) +@@ -249,6 +261,9 @@ static void check_flags (void) + &&(!IS_CRYPT_METHOD("SHA256")) + &&(!IS_CRYPT_METHOD("SHA512")) #endif /* USE_SHA_CRYPT */ +#ifdef USE_SM3_CRYPT + && (0 != strcmp (crypt_method, "SM3")) +#endif /* USE_SM3_CRYPT */ #ifdef USE_BCRYPT - && (0 != strcmp (crypt_method, "BCRYPT")) + &&(!IS_CRYPT_METHOD("BCRYPT")) #endif /* USE_BCRYPT */ -@@ -516,7 +531,7 @@ - if (md5flg) { - crypt_method = "MD5"; - } +@@ -405,13 +420,18 @@ static const char *get_salt(void) + if (md5flg) { + crypt_method = "MD5"; + } -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) - if (sflg) { + if (sflg) { #if defined(USE_SHA_CRYPT) - if ( (0 == strcmp (crypt_method, "SHA256")) -@@ -524,6 +539,11 @@ - arg = &sha_rounds; - } + if (IS_CRYPT_METHOD("SHA256") || IS_CRYPT_METHOD("SHA512")) { + arg = &sha_rounds; + } #endif /* USE_SHA_CRYPT */ +#if defined(USE_SM3_CRYPT) + if (0 == strcmp (crypt_method, "SM3")) { 
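Review bot: The SM3 branches carried into chpasswd.c still compare with `strcmp (crypt_method, "SM3")`, while the surrounding SHA256/SHA512/BCRYPT checks in `check_flags` and `get_salt` now go through `IS_CRYPT_METHOD(...)`. The macro's definition is not visible in this hunk; if it guards against a NULL `crypt_method`, as the upstream switch suggests, the SM3 lines would be the only comparisons left without that guard. I would write them as `&&(!IS_CRYPT_METHOD("SM3"))` in `check_flags` and `if (IS_CRYPT_METHOD("SM3")) {` in `get_salt`, and check the SM3 branch of the `-s` case in `process_flags` (previous hunk) the same way. Both functions extend outside the hunk.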
@@ -567,12 +592,13 @@ diff -Naur shadow-4.11.1.orig/src/chpasswd.c shadow-4.11.1/src/chpasswd.c + } +#endif /* USE_SM3_CRYPT */ #if defined(USE_BCRYPT) - if (0 == strcmp (crypt_method, "BCRYPT")) { - arg = &bcrypt_rounds; -diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c ---- shadow-4.11.1.orig/src/newusers.c 2023-02-21 20:17:12.692288020 +0800 -+++ shadow-4.11.1/src/newusers.c 2023-02-22 11:30:00.150115709 +0800 -@@ -58,12 +58,15 @@ + if (IS_CRYPT_METHOD("BCRYPT")) { + arg = &bcrypt_rounds; +diff --git a/src/newusers.c b/src/newusers.c +index deeb361..d504a0e 100644 +--- a/src/newusers.c ++++ b/src/newusers.c +@@ -58,12 +58,15 @@ static bool rflg = false; /* create a system account */ #ifndef USE_PAM static /*@null@*//*@observer@*/char *crypt_method = NULL; #define cflg (NULL != crypt_method) @@ -589,7 +615,7 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c #ifdef USE_BCRYPT static long bcrypt_rounds = 13; #endif /* USE_BCRYPT */ -@@ -124,6 +127,9 @@ +@@ -124,6 +127,9 @@ static void usage (int status) #if defined(USE_SHA_CRYPT) " SHA256 SHA512" #endif @@ -599,7 +625,7 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c #if defined(USE_BCRYPT) " BCRYPT" #endif -@@ -136,11 +142,11 @@ +@@ -136,11 +142,11 @@ static void usage (int status) (void) fputs (_(" -r, --system create system accounts\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); #ifndef USE_PAM @@ -614,7 +640,7 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c #endif /* !USE_PAM */ (void) fputs ("\n", usageout); -@@ -423,6 +429,13 @@ +@@ -422,6 +428,13 @@ static int update_passwd (struct passwd *pwd, const char *password) } } #endif /* USE_SHA_CRYPT */ 
@@ -628,7 +654,7 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c #if defined(USE_BCRYPT) if (sflg) { if (0 == strcmp (crypt_method, "BCRYPT")) { -@@ -477,6 +490,13 @@ +@@ -478,6 +491,13 @@ static int add_passwd (struct passwd *pwd, const char *password) } } #endif /* USE_SHA_CRYPT */ @@ -642,19 +668,19 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c #if defined(USE_BCRYPT) if (sflg) { if (0 == strcmp (crypt_method, "BCRYPT")) { -@@ -607,9 +627,9 @@ - static void process_flags (int argc, char **argv) +@@ -609,9 +629,9 @@ static void process_flags (int argc, char **argv) { int c; + #ifndef USE_PAM -#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) +#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) int bad_s; -#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ +#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + #endif /* !USE_PAM */ static struct option long_options[] = { - {"badnames", no_argument, NULL, 'b'}, - #ifndef USE_PAM -@@ -619,20 +639,20 @@ + {"badname", no_argument, NULL, 'b'}, +@@ -622,20 +642,20 @@ static void process_flags (int argc, char **argv) {"system", no_argument, NULL, 'r'}, {"root", required_argument, NULL, 'R'}, #ifndef USE_PAM @@ -680,7 +706,7 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c #else /* USE_PAM */ "bhr", #endif -@@ -655,7 +675,7 @@ +@@ -658,7 +678,7 @@ static void process_flags (int argc, char **argv) case 'R': /* no-op, handled in process_root_flag () */ break; #ifndef USE_PAM @@ -689,7 +715,7 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c case 's': sflg = true; bad_s = 0; -@@ -665,6 +685,12 @@ +@@ -668,6 +688,12 @@ static void process_flags (int argc, char **argv) bad_s = 1; } #endif /* USE_SHA_CRYPT */ 
@@ -702,7 +728,7 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c #if defined(USE_BCRYPT) if (( (0 == strcmp (crypt_method, "BCRYPT")) && (0 == getlong(optarg, &bcrypt_rounds)))) { -@@ -684,7 +710,7 @@ +@@ -687,7 +713,7 @@ static void process_flags (int argc, char **argv) usage (EXIT_FAILURE); } break; @@ -711,7 +737,7 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c #endif /* !USE_PAM */ default: usage (EXIT_FAILURE); -@@ -718,14 +744,14 @@ +@@ -721,14 +747,14 @@ static void process_flags (int argc, char **argv) static void check_flags (void) { #ifndef USE_PAM @@ -728,7 +754,7 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c if (cflg) { if ( (0 != strcmp (crypt_method, "DES")) -@@ -735,6 +761,9 @@ +@@ -738,6 +764,9 @@ static void check_flags (void) && (0 != strcmp (crypt_method, "SHA256")) && (0 != strcmp (crypt_method, "SHA512")) #endif /* USE_SHA_CRYPT */ @@ -738,10 +764,11 @@ diff -Naur shadow-4.11.1.orig/src/newusers.c shadow-4.11.1/src/newusers.c #ifdef USE_BCRYPT && (0 != strcmp (crypt_method, "BCRYPT")) #endif /* USE_BCRYPT */ -diff -Naur shadow-4.11.1.orig/src/passwd.c shadow-4.11.1/src/passwd.c ---- shadow-4.11.1.orig/src/passwd.c 2023-02-21 20:17:12.692288020 +0800 -+++ shadow-4.11.1/src/passwd.c 2023-02-22 11:33:06.518108266 +0800 -@@ -257,6 +257,9 @@ +diff --git a/src/passwd.c b/src/passwd.c +index 8c6f81a..4c15de6 100644 +--- a/src/passwd.c ++++ b/src/passwd.c +@@ -257,6 +257,9 @@ static int new_password (const struct passwd *pw) || (strcmp (method, "SHA256") == 0) || (strcmp (method, "SHA512") == 0) #endif /* USE_SHA_CRYPT */ @@ -751,3 +778,6 @@ diff -Naur shadow-4.11.1.orig/src/passwd.c shadow-4.11.1/src/passwd.c #ifdef USE_BCRYPT || (strcmp (method, "BCRYPT") == 0) #endif /* USE_BCRYPT*/ +-- +2.41.0 + 
diff --git a/backport-nss-get-shadow-logfd-with-log-get-logfd.patch b/backport-nss-get-shadow-logfd-with-log-get-logfd.patch deleted file mode 100644 index 39285be8aea57ee5ee6cc9502269e80363c001c1..0000000000000000000000000000000000000000 --- a/backport-nss-get-shadow-logfd-with-log-get-logfd.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff -uprN shadow-4.11.1.orig/lib/nss.c shadow-4.11.1/lib/nss.c ---- shadow-4.11.1.orig/lib/nss.c 2022-06-09 19:21:50.524925576 +0800 -+++ shadow-4.11.1/lib/nss.c 2022-06-09 19:22:10.145097268 +0800 -@@ -9,6 +9,7 @@ - #include "prototypes.h" - #include "../libsubid/subid.h" - #include "shadowlog_internal.h" -+#include "shadowlog.h" - - #define NSSWITCH "/etc/nsswitch.conf" - -@@ -42,6 +43,7 @@ void nss_init(char *nsswitch_path) { - FILE *nssfp = NULL; - char *line = NULL, *p, *token, *saveptr; - size_t len = 0; -+ FILE *shadow_logfd = log_get_logfd(); - - if (atomic_flag_test_and_set(&nss_init_started)) { - // Another thread has started nss_init, wait for it to complete -@@ -57,7 +59,7 @@ void nss_init(char *nsswitch_path) { - // subid: files - nssfp = fopen(nsswitch_path, "r"); - if (!nssfp) { -- fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); -+ fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path); - atomic_store(&nss_init_completed, true); - return; - } diff --git a/shadow-utils.spec b/shadow-utils.spec index 2ebb1329968087064aea7a7ce53488264542aefd..33b99d10d91a167460171dafc81b70d13f267fc5 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec 
@@ -1,17 +1,14 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils -Version: 4.11.1 -Release: 7%{?dist} +Version: 4.13 +Release: 1%{?dist} License: BSD and GPLv2+ URL: https://github.com/shadow-maint/shadow -Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz +Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz Source1: shadow-utils.useradd Source2: shadow-utils.login.defs -Patch0001: 0001-shadow-use-relaxed-usernames.patch -Patch5000: backport-nss-get-shadow-logfd-with-log-get-logfd.patch -Patch5001: add-n-option.patch -Patch5002: add-sm3-support.patch +Patch5000: add-sm3-support.patch BuildRequires: autoconf, automake, gcc, make, libtool BuildRequires: libacl-devel, libattr-devel @@ -196,6 +193,9 @@ install -m 644 libsubid/subid.h %{buildroot}/%{_includedir}/shadow/ %{_libdir}/libsubid.so %changelog +* Fri Jul 28 2023 Miaojun Dong - 4.13-1 +- Bump version to 4.13 + * Fri Apr 28 2023 OpenCloudOS Release Engineering - 4.11.1-7 - Rebuilt for OpenCloudOS Stream 23.05 diff --git a/sources b/sources index aba21d0359abdaa3f1e32114135122f120b44dab..b238e092d1228c9b10cacd2b807331b8c2c12c22 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (shadow-4.11.1.tar.xz) = 12fbe4d6ac929ad3c21525ed0f1026b5b678ccec9762f2ec7e611d9c180934def506325f2835fb750dd30af035b592f827ff151cd6e4c805aaaf8e01425c279f +SHA512 (shadow-4.13.tar.xz) = 2949a728c3312bef13d23138d6b79caf402781b1cb179e33b5be546c1790971ec20778d0e9cd3dbe09691d928ffcbe88e60da42fab58c69a90d5ebe5e3e2ab8e
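Review bot: The new %changelog entry says only "Bump version to 4.13", but the first spec hunk also drops `Patch0001`, the nss logfd backport and `add-n-option.patch`. The removed add-n-option.patch set useradd's compiled-in default shell to `/sbin/nologin`, set the initial password field to `!!` and accepted `-n` as an alias for `-N`; the removed username patch allowed upper-case and dotted names. Whether 4.13 itself or Source1/Source2 provide equivalents is not visible here, so account-creation defaults and name validation may change for existing provisioning scripts. I would record that in the changelog, e.g. `- Drop relaxed-usernames, add-n-option and nss logfd backport patches`, and confirm the `/sbin/nologin` and locked-password defaults are still enforced by the shipped configuration.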